/** * Registers a {@link Filter} to exist at a particular {@link Filter} position * @param filter the {@link Filter} to register * @param atFilter the {@link Filter} that is already registered and that * {@code filter} should be placed at. */ public void registerAt(Class<? extends Filter> filter, Class<? extends Filter> atFilter) { Integer position = getOrder(atFilter); if (position == null) { throw new IllegalArgumentException( "Cannot register after unregistered Filter " + atFilter); } put(filter, position); }
public HttpSecurity addFilter(Filter filter) { Class<? extends Filter> filterClass = filter.getClass(); if (!comparator.isRegistered(filterClass)) { throw new IllegalArgumentException( "The Filter class " + filterClass.getName() + " does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead."); } this.filters.add(filter); return this; }
public HttpSecurity addFilterAfter(Filter filter, Class<? extends Filter> afterFilter) { comparator.registerAfter(filter.getClass(), afterFilter); return addFilter(filter); }
/** * Determines if a particular {@link Filter} is registered to be sorted * * @param filter * @return */ public boolean isRegistered(Class<? extends Filter> filter) { return getOrder(filter) != null; }
public HttpSecurity addFilterBefore(Filter filter, Class<? extends Filter> beforeFilter) { comparator.registerBefore(filter.getClass(), beforeFilter); return addFilter(filter); }
FilterComparator() { Step order = new Step(INITIAL_ORDER, ORDER_STEP); put(ChannelProcessingFilter.class, order.next()); put(ConcurrentSessionFilter.class, order.next()); put(WebAsyncManagerIntegrationFilter.class, order.next()); put(SecurityContextPersistenceFilter.class, order.next()); put(HeaderWriterFilter.class, order.next()); put(CorsFilter.class, order.next()); put(CsrfFilter.class, order.next()); put(LogoutFilter.class, order.next()); filterToOrder.put( "org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter", order.next()); put(X509AuthenticationFilter.class, order.next()); put(AbstractPreAuthenticatedProcessingFilter.class, order.next()); filterToOrder.put("org.springframework.security.cas.web.CasAuthenticationFilter", order.next()); "org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter", order.next()); put(UsernamePasswordAuthenticationFilter.class, order.next()); put(ConcurrentSessionFilter.class, order.next()); filterToOrder.put( "org.springframework.security.openid.OpenIDAuthenticationFilter", order.next()); put(DefaultLoginPageGeneratingFilter.class, order.next()); put(DefaultLogoutPageGeneratingFilter.class, order.next()); put(ConcurrentSessionFilter.class, order.next()); put(DigestAuthenticationFilter.class, order.next()); filterToOrder.put( "org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter", order.next());
/** * Adds the Filter at the location of the specified Filter class. For example, if you * want the filter CustomFilter to be registered in the same position as * {@link UsernamePasswordAuthenticationFilter}, you can invoke: * * <pre> * addFilterAt(new CustomFilter(), UsernamePasswordAuthenticationFilter.class) * </pre> * * Registration of multiple Filters in the same location means their ordering is not * deterministic. More concretely, registering multiple Filters in the same location * does not override existing Filters. Instead, do not register Filters you do not * want to use. * * @param filter the Filter to register * @param atFilter the location of another {@link Filter} that is already registered * (i.e. known) with Spring Security. * @return the {@link HttpSecurity} for further customizations */ public HttpSecurity addFilterAt(Filter filter, Class<? extends Filter> atFilter) { this.comparator.registerAt(filter.getClass(), atFilter); return addFilter(filter); }
public HttpSecurity addFilterBefore(Filter filter, Class<? extends Filter> beforeFilter) { comparator.registerBefore(filter.getClass(), beforeFilter); return addFilter(filter); }
FilterComparator() { Step order = new Step(INITIAL_ORDER, ORDER_STEP); put(ChannelProcessingFilter.class, order.next()); put(ConcurrentSessionFilter.class, order.next()); put(WebAsyncManagerIntegrationFilter.class, order.next()); put(SecurityContextPersistenceFilter.class, order.next()); put(HeaderWriterFilter.class, order.next()); put(CorsFilter.class, order.next()); put(CsrfFilter.class, order.next()); put(LogoutFilter.class, order.next()); filterToOrder.put( "org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter", order.next()); put(X509AuthenticationFilter.class, order.next()); put(AbstractPreAuthenticatedProcessingFilter.class, order.next()); filterToOrder.put("org.springframework.security.cas.web.CasAuthenticationFilter", order.next()); "org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter", order.next()); put(UsernamePasswordAuthenticationFilter.class, order.next()); put(ConcurrentSessionFilter.class, order.next()); filterToOrder.put( "org.springframework.security.openid.OpenIDAuthenticationFilter", order.next()); put(DefaultLoginPageGeneratingFilter.class, order.next()); put(DefaultLogoutPageGeneratingFilter.class, order.next()); put(ConcurrentSessionFilter.class, order.next()); put(DigestAuthenticationFilter.class, order.next()); filterToOrder.put( "org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter", order.next());
/** * Adds the Filter at the location of the specified Filter class. For example, if you * want the filter CustomFilter to be registered in the same position as * {@link UsernamePasswordAuthenticationFilter}, you can invoke: * * <pre> * addFilterAt(new CustomFilter(), UsernamePasswordAuthenticationFilter.class) * </pre> * * Registration of multiple Filters in the same location means their ordering is not * deterministic. More concretely, registering multiple Filters in the same location * does not override existing Filters. Instead, do not register Filters you do not * want to use. * * @param filter the Filter to register * @param atFilter the location of another {@link Filter} that is already registered * (i.e. known) with Spring Security. * @return the {@link HttpSecurity} for further customizations */ public HttpSecurity addFilterAt(Filter filter, Class<? extends Filter> atFilter) { this.comparator.registerAt(filter.getClass(), atFilter); return addFilter(filter); }
/** * Registers a {@link Filter} to exist after a particular {@link Filter} that is * already registered. * @param filter the {@link Filter} to register * @param afterFilter the {@link Filter} that is already registered and that * {@code filter} should be placed after. */ public void registerAfter(Class<? extends Filter> filter, Class<? extends Filter> afterFilter) { Integer position = getOrder(afterFilter); if (position == null) { throw new IllegalArgumentException( "Cannot register after unregistered Filter " + afterFilter); } put(filter, position + 1); }
/** * Determines if a particular {@link Filter} is registered to be sorted * * @param filter * @return */ public boolean isRegistered(Class<? extends Filter> filter) { return getOrder(filter) != null; }
public HttpSecurity addFilterBefore(Filter filter, Class<? extends Filter> beforeFilter) { comparator.registerBefore(filter.getClass(), beforeFilter); return addFilter(filter); }
public HttpSecurity addFilter(Filter filter) { Class<? extends Filter> filterClass = filter.getClass(); if (!comparator.isRegistered(filterClass)) { throw new IllegalArgumentException( "The Filter class " + filterClass.getName() + " does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead."); } this.filters.add(filter); return this; }
public HttpSecurity addFilterAfter(Filter filter, Class<? extends Filter> afterFilter) { comparator.registerAfter(filter.getClass(), afterFilter); return addFilter(filter); }
FilterComparator() { int order = 100; put(ChannelProcessingFilter.class, order); order += STEP; put(ConcurrentSessionFilter.class, order); order += STEP; put(SecurityContextPersistenceFilter.class, order); order += STEP; put(LogoutFilter.class, order); order += STEP; put(X509AuthenticationFilter.class, order); order += STEP; put(AbstractPreAuthenticatedProcessingFilter.class, order); order += STEP; filterToOrder.put("org.springframework.security.cas.web.CasAuthenticationFilter", order); order += STEP; put(UsernamePasswordAuthenticationFilter.class, order); order += STEP; put(ConcurrentSessionFilter.class, order); order += STEP; filterToOrder.put("org.springframework.security.openid.OpenIDAuthenticationFilter", order); order += STEP; put(DefaultLoginPageViewFilter.class, order); order += STEP; put(ConcurrentSessionFilter.class, order); order += STEP; put(DigestAuthenticationFilter.class, order); order += STEP; put(BasicAuthenticationFilter.class, order); order += STEP;
/** * Adds the Filter at the location of the specified Filter class. For example, if you * want the filter CustomFilter to be registered in the same position as * {@link UsernamePasswordAuthenticationFilter}, you can invoke: * * <pre> * addFilterAt(new CustomFilter(), UsernamePasswordAuthenticationFilter.class) * </pre> * * Registration of multiple Filters in the same location means their ordering is not * deterministic. More concretely, registering multiple Filters in the same location * does not override existing Filters. Instead, do not register Filters you do not * want to use. * * @param filter the Filter to register * @param atFilter the location of another {@link Filter} that is already registered * (i.e. known) with Spring Security. * @return the {@link HttpSecurity} for further customizations */ public HttpSecurity addFilterAt(Filter filter, Class<? extends Filter> atFilter) { this.comparator.registerAt(filter.getClass(), atFilter); return addFilter(filter); }
/** * Registers a {@link Filter} to exist before a particular {@link Filter} that is * already registered. * @param filter the {@link Filter} to register * @param beforeFilter the {@link Filter} that is already registered and that * {@code filter} should be placed before. */ public void registerBefore(Class<? extends Filter> filter, Class<? extends Filter> beforeFilter) { Integer position = getOrder(beforeFilter); if (position == null) { throw new IllegalArgumentException( "Cannot register after unregistered Filter " + beforeFilter); } put(filter, position - 1); }